49 Re: ADsafe

  • collin_jackson
    Sep 30 4:09 PM
      Square brackets are clearly problematic, as they allow access to eval.
      I suggest you deny them entirely and (optionally) allow authors to use
      the ADSAFE API to proxy their array indexing.

      Instead of
      foo[bar] = foo[bar] + 1;
      Use
      ADSAFE.setIndex(foo, bar, ADSAFE.getIndex(foo, bar) + 1);

      The ADSAFE getIndex and setIndex API could ensure that "bar" is a
      number or safe string.

      --- In caplet@yahoogroups.com, "Douglas Crockford" <douglas@...> wrote:
      >
      > JSLint.com contains an ADsafe feature. Its intent is to enforce a safe
      > subset of JavaScript for use in ads and widgets. ADsafe requires no
      > transformations. It relies solely on verification. Its rules require
      > that programs be written in a functional style. It rejects programs
      > written in the pseudoclassical or prototypal styles. I am finding that
      > the functional style is the most expressive. It also has the best
      > security properties.
      >
      > ADsafe does not allow definition of global variables or functions. It
      > grants one capability, the ADSAFE object, through which other
      > capabilities might be obtained. It does not allow access to any
      > globals except for the ADSAFE object. It does not allow modification
      > of the ADSAFE object. It does not allow method invocations in the []
      > form. It does not allow the use of these names:
      >
      > apply call callee caller clone constructor eval new
      > prototype source this toSource toString watch
      >
      > I need your help in testing its robustness. Are the rules sufficient
      > to prevent all direct access to the DOM and the global object? Are
      > there any small leaks that I am unaware of? Is the approach I'm taking
      > inherently unsound? What additional restrictions are required to
      > prevent unintended collusion?
      >
      > So this is the test:
      >
      > Write a program in the form
      >
      > (function () {
      > ...
      > })();
      >
      > where the ... is replaced by code that calls the alert function when
      > run on any browser. If the program produces no errors when linted with
      > the ADsafe option, then I will buy you a plate of shrimp.
      >
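
An added example, not part of the original post and not ADsafe's own code: one way the proposed `getIndex`/`setIndex` proxies could check the index before using it. The meaning of "safe string" here (not one of the names banned in the quoted rules, no leading double underscore, own properties only on reads) is an assumption, as are the helper names `safeKey` and `demo`.

```javascript
// Added illustration; not ADsafe's real implementation.
// Names banned in the quoted ADsafe rules (copied from the message above).
const BANNED = new Set([
  "apply", "call", "callee", "caller", "clone", "constructor", "eval", "new",
  "prototype", "source", "this", "toSource", "toString", "watch",
]);

// Assumption: a safe key is a non-negative integer, or a string that is not
// a banned name and does not start with "__". Only primitive numbers and
// strings are accepted, so the value checked is the value used for lookup.
function safeKey(key) {
  if (typeof key === "number") {
    if (!Number.isInteger(key) || key < 0) throw new TypeError("unsafe index");
    return key;
  }
  if (typeof key !== "string") throw new TypeError("unsafe index type");
  if (BANNED.has(key) || key.startsWith("__")) {
    throw new TypeError("banned name: " + key);
  }
  return key;
}

function getIndex(obj, key) {
  const k = safeKey(key);
  // Own properties only: inherited members are never returned.
  return Object.prototype.hasOwnProperty.call(obj, k) ? obj[k] : undefined;
}

function setIndex(obj, key, value) {
  const k = safeKey(key);
  obj[k] = value;
  return value;
}

// The post's rewrite of `foo[bar] = foo[bar] + 1`, plus constructed keys
// that the guard must refuse.
function demo() {
  const foo = [10, 20];
  const bar = 1;
  setIndex(foo, bar, getIndex(foo, bar) + 1);
  const rejected = [];
  for (const bad of ["constructor", "eval", {}, -1]) {
    try { getIndex(foo, bad); } catch (e) { rejected.push(e.message); }
  }
  return { foo, rejected };
}
```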